Tag: HIPAA
-
HHS Proposes Mandating MFA, Data Encryption in HIPAA
First seen on scworld.com Jump to article: www.scworld.com/news/hhs-proposes-mandating-mfa-data-encryption-in-hipaa
-
2 HIPAA Business Associates Pay HHS Ransomware Settlements
Agency Kicks Off New Year With First HIPAA Enforcement Actions, $170K in Fines. A Massachusetts firm that provides billing and other services to home health agencies and a Virginia-based data hosting and cloud provider are the latest companies paying federal regulators settlements. HHS levied $170,000 in fines following investigations into ransomware breaches. First seen on…
-
What to Know About the Proposed New HIPAA Rules
If approved, the proposed new HIPAA rules will reshape the landscape of healthcare cybersecurity, partially addressing the recent OIG report’s findings on the ineffectiveness of current HIPAA audits. For CISOs, these changes present both opportunities and challenges as they work to enhance their organizations’ cybersecurity practices. The updated compliance requirements for electronic protected health information…
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerability
This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
New HIPAA Cybersecurity Rules Pull No Punches
Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches
-
Proposed HIPAA Amendments Will Close Healthcare Security Gaps
Tags: authentication, control, cybersecurity, healthcare, HIPAA, mfa, network, privacy, regulation, threat
The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps
-
What’s in HHS’ Proposed HIPAA Security Rule Overhaul?
Experts: New Mandates Could Be Difficult, Costly for Many Entities. The U.S. Department of Health and Human Services’ proposed overhaul of the 20-plus-year-old HIPAA Security Rule aims to drastically improve the state of healthcare sector cybersecurity, but the potential new requirements could mean difficult and expensive heavy lifting for many regulated entities. First seen on…
-
HIPAA to be updated with cybersecurity regulations, White House says
The Biden administration is proposing an overhaul of the data security rules under the landmark Health Insurance Portability and Accountability Act (HIPAA). First seen on therecord.media Jump to article: therecord.media/hipaa-cybersecurity-regulations-update
-
White House Clears HIPAA Security Rule Update
HHS Proposes Encryption, Security Standards for Healthcare Firms. The U.S. Department of Health and Human Services is proposing new rules for healthcare organizations that aim to bolster protections for Americans by requiring companies to encrypt sensitive patient data and conduct routine compliance evaluations amid increased threats targeting the sector. First seen on govinfosecurity.com Jump to…
-
Is Your Website Leaking Sensitive Patient Information to Facebook? A disturbing story about HIPAA (and How to Avoid It)
Picture this scenario: You’ve used every tool you have to secure your web pages and forms so patient information is safe. One day, a potential patient Googles “hysterectomy options” and ends up on your hospital’s website. They browse around, maybe even schedule an appointment online. You have no reason to worry, right? Because you’ve done…
-
ConnectOnCall data breach impacted over 900,000 individuals
ConnectOnCall disclosed a data breach impacting over 900,000 individuals, exposing their personal information. ConnectOnCall is a telehealth platform and after-hours on-call answering service designed to enhance communication between healthcare providers and patients. It offers automated patient call tracking, HIPAA-compliant chat, and integrates with electronic health record (EHR) systems to streamline after-hours calls and care coordination.…
-
Navigating HIPAA Compliance When Using Tracking Technologies on Websites
Websites have become indispensable tools for healthcare organizations to connect with patients, streamline operations, and enhance service delivery. Modern websites are composed of components that “build” unique user experiences in real time. However, the use of tracking technologies on these websites presents unique challenges in complying with the Health Insurance Portability and Accountability Act of 1996…
-
Unauthenticated Webpages: Hidden HIPAA Risks on Public-Facing Websites
When we think about HIPAA compliance and websites, the focus often shifts to patient portals, online scheduling systems, and other secure areas requiring user authentication. However, it’s crucial to recognize that even unauthenticated webpages, those accessible to the public without logging in, can present hidden HIPAA risks. Let’s explore these often-overlooked vulnerabilities and discuss how…
-
Websites and HIPAA: Navigating Online Tracking Technologies
Today, healthcare providers, insurers, and other HIPAA-covered entities are increasingly relying on websites to share information, engage with patients, and streamline operations. While websites offer numerous benefits, it’s crucial to understand the implications of online tracking technologies for the privacy and security of protected health information (PHI). This blog post examines the intersection of websites,…
-
Clearinghouse Pays $250K Settlement in Web Exposure Breach
Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach. A breach that exposed the personal information of nearly 1.6 million patients of a Puerto Rico-based clearinghouse has led to a $250,000 financial settlement with federal regulations for multiple HIPAA violations. The 2019 leak has cost Inmediata Health $2.7 million in…
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa
Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
Insider Breach, Email Attacks Net $1.7M in HIPAA Fines
Incidents at Pain Management Firm, Pediatric Hospital Affect 50,000 People. An insider breach at a Florida pain management firm and an email breach at a Colorado pediatric hospital have resulted in more than $1.7 million in fines for HIPAA violations found by federal investigators. The two incidents affected fewer than 50,000 people. First seen on…
-
AI-supported solution for improving patient care in senior and nursing care facilities
The solution from Kepler Vision Technologies and Mobotix received an important upgrade this week. The Mobotix c71 smart sensor now detects behavioral anomalies more precisely and improves accuracy, reducing false alarms. The Nurse-Assist sensors remain GDPR- and HIPAA-compliant, which protects the privacy of patients and residents and ensures their safety. Following the successful launch of Nurse-Assist, the…
-
Why identity security is your best companion for uncharted compliance challenges
Tags: access, ai, attack, authentication, automation, business, cloud, compliance, control, cyberattack, cybersecurity, data, detection, exploit, finance, framework, GDPR, governance, government, healthcare, HIPAA, identity, india, law, least-privilege, mitigation, monitoring, privacy, regulation, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, zero-trust
In today’s rapidly evolving global regulatory landscape, new technologies, environments, and threats are heightening cybersecurity and data privacy concerns. In the last year, governing bodies have taken significant steps to enact stricter compliance measures, and more than ever, they are focusing on identity-related threats. Some notable changes include: The National Institute of Standards and Technology (NIST)…
-
Working in critical infrastructure? Boost your effectiveness with these cybersecurity certifications
Tags: attack, automation, awareness, china, cisa, communications, compliance, control, cyber, cybersecurity, defense, finance, germany, governance, government, healthcare, HIPAA, incident response, infrastructure, international, jobs, network, PCI, privacy, ransomware, resilience, risk, risk-management, russia, sans, service, skills, soc, supply-chain, technology, training, ukraine, update, warfare
Hybrid warfare between nation-states is imperilling critical infrastructure around the world, both physically and electronically. Since the start of the Ukraine-Russia conflict, hybrid cyber/physical attacks on satellite and communications, energy, transportation, water, and other critical sectors have spread across Europe and beyond. Chinese perpetrators are actively infiltrating telecommunications networks in the US and abroad, according to…
-
Watchdog Report: HHS OCR Should Beef-Up HIPAA Audit Program
HHS OIG: Current Audit Program Is Not Pushing Entities Enough to Improve Cyber. The U.S. Department of Health and Human Services’ Office for Civil Rights should restart and toughen the scope of its HIPAA audits. A watchdog agency says HHS needs to better assess whether regulated healthcare organizations are taking required actions to reduce their…
-
Feds Fine Mental Health Clinic $100K in 2020 HIPAA Case
LA County Clinic Delayed Access to Patient’s Medical Records During Pandemic. Federal regulators have fined a Los Angeles county mental health clinic $100,000 for failure to provide a patient with timely access to her requested health records during the COVID-19 pandemic. The case is the U.S. government’s 51st HIPAA patient right-of-access enforcement action. First seen…
-
ISMG Editors: US Election Impact on Cybersecurity, HIPAA
Tags: ai, cybersecurity, election, google, government, healthcare, HIPAA, intelligence, privacy, update, zero-day
Also: Potential Government Policy Changes; AI-Driven Zero-Day Discoveries. In the latest weekly update, ISMG editors discussed how the recent election results may reshape U.S. cybersecurity policy and healthcare privacy under HIPAA and the groundbreaking role of artificial intelligence in Google’s recent discovery of a critical zero-day vulnerability. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-us-election-impact-on-cybersecurity-hipaa-a-26775
-
Trump’s Return: Impact on Health Sector Cyber, HIPAA Regs
Experts on Potential Data Security and HIPAA Privacy Changes in Trump’s Second Term. With Donald Trump set to return to the White House to serve another four-year term as U.S. president, what might the healthcare sector expect to see when it comes to his next administration’s cybersecurity priorities and HIPAA regulations and enforcement? Experts weigh…
-
Doctor Hit With $500K HIPAA Fine: Feds Worse Than Hacker
Plastic Surgeon Paid $53K Ransom But Says ‘the Real Criminal’ Is HHS. Dr. James Breit recalled the day a hacker locked up his systems with ransomware … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/doctor-hit-500k-hipaa-fine-feds-worse-than-hacker-a-26706
-
What’s in Store for HIPAA Regulations
How Might Election Outcome Affect HHS’ Healthcare Cyber Work? Regardless of who wins the upcoming Presidential election, one thing is apparent: As th… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whats-in-store-for-hipaa-regulations-a-26636
-
White House Reviewing Updates to HIPAA Security Rule
Proposal Will Be Open for Public Comment Next, But Will It Go Anywhere? The Department of Health and Human Services last Friday submitted for White Ho… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/white-house-reviewing-updates-to-hipaa-security-rule-a-26604

